The Home Region

When you sign up for Oracle Cloud Infrastructure, Oracle creates a tenancy for you in one region. This is your home region. Your home region is where your IAM resources are defined. When you subscribe to another region, your IAM resources are available in the new region, however, the master definitions reside in your home region and can only be changed there.

Resources that you can create and update only in the home region are:

Users

Groups

Policies

Compartments

Dynamic groups

Federation resources

When you use the API to update your IAM resources, you must use the endpoint for your home region. (See How do I find my tenancy home region?)IAM automatically propagates the updates to all regions in your tenancy.

When you use the Console to update your IAM resources, the Console sends the requests to the home region for you. You don't need to switch to your home region first. IAM then automatically propagates the updates to all regions in your tenancy.

When you subscribe your tenancy to a new region, all the policies from your home region are enforced in the new region. If you want to limit access for groups of users to specific regions, you can write policies to grant access to specific regions only. For an example policy, see Restrict admin access to a specific region.

Note

IAM Updates Are Not Immediate Across All Regions

When you create or update an IAM resource, be aware that you need to allow up to several minutes for the changes in your home region to become available in all regions.

Using the Console

Open the Console, open the Region menu, and then click Manage Regions. A list of the regions offered by Oracle Cloud Infrastructure is displayed. Regions that you have not subscribed to provide a button to create a subscription.

ListRegions: Returns a list of regions offered by Oracle Cloud Infrastructure in your selected A logical collection of regions. Realms are isolated from each other and do not share any data. Your tenancy exists in a single realm and can access the regions that belong to that realm..

Region FAQs

A region subscription is at the tenancy level. An administrator can subscribe the tenancy to a region. All IAM polices are enforced in the new region, so all users in the tenancy will have the same access and permissions in the new region.

When you select a region in the Console, you are shown a view of the resources in your selected region. Most cloud resources (instances, VCNs, buckets, etc.) exist only in a specific region, so you only see them when you select the region where they were created. The exception is IAM resources: compartments, users, groups, and policies are global across all regions. See also Working Across Regions.

Service limits can be scoped to the tenant level, the region level, or the availability domain level. When you subscribe to a new region, you get access to the region and its availability domains. Service limits apply accordingly. The service limits page lists the scope of each resource limit.